Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fc57db97 by Moritz Muehlenhoff at 2022-04-20T13:35:20+02:00
new bwm-ng non issue
new gitlab issue
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -292,9 +292,9 @@ CVE-2022-1386
 CVE-2022-29405
        RESERVED
 CVE-2022-1385 (Mattermost 6.4.x and earlier fails to properly invalidate 
pending emai ...)
-       TODO: check
+       - mattermost-server <itp> (bug #823556)
 CVE-2022-1384 (Mattermost version 6.4.x and earlier fails to properly check 
the plugi ...)
-       TODO: check
+       - mattermost-server <itp> (bug #823556)
 CVE-2022-1383 (Heap-based Buffer Overflow in GitHub repository 
radareorg/radare2 prio ...)
        - radare2 <unfixed>
        NOTE: https://huntr.dev/bounties/02b4b563-b946-4343-9092-38d1c5cd60c9
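Review bot: the two added mattermost-server <itp> lines for CVE-2022-1385 and CVE-2022-1384 are not covered by the commit message, which mentions only the bwm-ng non-issue, the gitlab issue and NFUs. Suggest adding a short line for the mattermost ITP entries so the change can be found from the log.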
@@ -488,7 +488,7 @@ CVE-2022-29317
 CVE-2022-29316
        RESERVED
 CVE-2022-29315 (Invicti Acunetix before 14 allows CSV injection via the 
Description fi ...)
-       TODO: check
+       NOT-FOR-US: Invicti Acunetix
 CVE-2022-29314
        RESERVED
 CVE-2022-29313
@@ -556,7 +556,7 @@ CVE-2022-29283
 CVE-2022-29282
        RESERVED
 CVE-2022-29281 (Notable before 1.9.0-beta.8 doesn't effectively prevent the 
opening of ...)
-       TODO: check
+       NOT-FOR-US: Notable
 CVE-2022-29280
        RESERVED
 CVE-2022-29279
@@ -618,7 +618,7 @@ CVE-2022-1367
 CVE-2022-1366
        RESERVED
 CVE-2022-1365 (Exposure of Private Personal Information to an Unauthorized 
Actor in G ...)
-       TODO: check
+       NOT-FOR-US: lquixada/cross-fetch
 CVE-2022-29265
        RESERVED
 CVE-2022-1364
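Review bot: the NOT-FOR-US line for CVE-2022-1365 names the GitHub slug lquixada/cross-fetch, while the CVE-2022-29080 entry in this same commit uses the form "Node npm-dependency-versions". If cross-fetch is likewise a Node package, "NOT-FOR-US: Node cross-fetch" would keep the two consistent and make the entry easier to grep for.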
@@ -891,7 +891,10 @@ CVE-2022-1343
 CVE-2022-1342
        RESERVED
 CVE-2022-1341 (An issue was discovered in in bwm-ng v0.6.2. An arbitrary null 
write e ...)
-       TODO: check
+       - bwm-ng <unfixed> (unimportant)
+       NOTE: https://github.com/vgropp/bwm-ng/issues/26
+       NOTE: 
https://github.com/vgropp/bwm-ng/commit/9774f23bf78a6e6d3ae4cfe3d73bad34f2fdcd17
+       NOTE: No security impact
 CVE-2022-1340
        RESERVED
 CVE-2022-1339 (SQL injection in ElementController.php in GitHub repository 
pimcore/pi ...)
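Review bot: "NOTE: No security impact" on CVE-2022-1341 gives no reason, although the description speaks of an arbitrary null write. Suggest adding one clause saying why this is a non-issue, and saying what the linked commit 9774f23b is (for instance marking it as the upstream fix, if that is what it is), since the entry remains <unfixed>.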
@@ -1084,7 +1087,7 @@ CVE-2022-1331
 CVE-2022-1330 (stored xss due to unsantized anchor url in GitHub repository 
alvarotri ...)
        TODO: check
 CVE-2022-1329 (The Elementor Website Builder plugin for WordPress is 
vulnerable to un ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-1328 (Buffer Overflow in uudecoder in Mutt affecting all versions 
starting f ...)
        - mutt 2.2.3-1 (bug #1009734)
        - neomutt <unfixed> (bug #1009735)
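Review bot: CVE-2022-1330, the context entry directly above the changed CVE-2022-1329 line, still carries "TODO: check" after this change. If it was left on purpose that is fine; otherwise it could be triaged in the same pass as its neighbour.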
@@ -1110,7 +1113,7 @@ CVE-2022-1320
 CVE-2022-29081
        RESERVED
 CVE-2022-29080 (The npm-dependency-versions package through 0.3.0 for Node.js 
allows c ...)
-       TODO: check
+       NOT-FOR-US: Node npm-dependency-versions
 CVE-2022-29079
        RESERVED
 CVE-2022-29078
@@ -3198,7 +3201,7 @@ CVE-2022-1195
 CVE-2022-1194
        RESERVED
 CVE-2022-1193 (Improper access control in GitLab CE/EE versions 10.7 prior to 
14.7.7, ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2022-1192
        RESERVED
 CVE-2021-46779
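Review bot: the new "- gitlab <unfixed>" line for CVE-2022-1193 carries no NOTE, while the description gives an affected range starting at 10.7 with 14.7.7 as a fixed release. Suggest adding a NOTE that references the upstream advisory, so whoever later updates the entry can determine the fixed version without looking it up again.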
@@ -3396,15 +3399,15 @@ CVE-2022-1189 (An issue has been discovered in GitLab 
CE/EE affecting all versio
 CVE-2022-1188 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
        - gitlab <unfixed>
 CVE-2022-1187 (The WordPress WP YouTube Live Plugin is vulnerable to Reflected 
Cross- ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-1186 (The WordPress plugin Be POPIA Compliant exposed sensitive 
information  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-28223 (Tekon KIO devices through 2022-03-30 allow an authenticated 
admin user ...)
        NOT-FOR-US: Tekon KIO devices
 CVE-2022-28222 (The CleanTalk AntiSpam plugin &lt;= 5.173 for WordPress is 
vulnerable  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-28221 (The CleanTalk AntiSpam plugin &lt;= 5.173 for WordPress is 
vulnerable  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-28220
        RESERVED
 CVE-2022-1185 (A denial of service vulnerability when rendering RDoc files in 
GitLab  ...)
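Review bot: the four added NOT-FOR-US lines (CVE-2022-1187, CVE-2022-1186, CVE-2022-28222, CVE-2022-28221) use the generic text "WordPress plugin", whereas the context entry for CVE-2022-28223 in this hunk names the product ("Tekon KIO devices"). Naming the plugin, for example "WordPress plugin CleanTalk AntiSpam", would make these entries searchable by product.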
@@ -3862,7 +3865,7 @@ CVE-2022-1121 (A lack of appropriate timeouts in GitLab 
Pages included in GitLab
 CVE-2022-1120 (Missing filtering in an error message in GitLab CE/EE affecting 
all ve ...)
        - gitlab <unfixed>
 CVE-2022-1119 (The Simple File List WordPress plugin is vulnerable to 
Arbitrary File  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-1118
        RESERVED
 CVE-2022-1117



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fc57db970776ac0a798e8b57009197bb2bb22a4b



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits